Abstract: To detect possible malicious code that is unpacked at runtime before it is executed, antivirus software requires that any dynamically created code be scanned before it can be executed by a host computer system. This requirement may be enforced by requiring memory pages to be either executable or writable, but not both. Before changing from writable but not executable to executable but not writable, the page is scanned for malicious code. To prevent packers from evading this scanning, a countermeasure tracks the memory mapping in the host system to enforce consistency in the protection settings for all memory spaces that are mapped to the same physical memory page.

Abstract: A computer-implemented method for recording behavioral information of an unverified component is described. Interactions between a first process and an unverified component loaded in the first process are monitored. A fault is detected from the monitored interactions. Information associated with an event is sent to a proxy module loaded in a second process. The execution of the event in the second process is verified. Information associated with the behavior of the unverified component during the execution of the event is recorded.

Abstract: A computer-implemented method includes identifying a buffer overflow vulnerability in a vulnerable program including identifying a victim buffer creation site that created a victim buffer and identifying a vulnerability site that overflowed the victim buffer. A patch is created for the vulnerable program to prevent the vulnerability site from overflowing a potential victim buffer created by the victim buffer creation site. In this manner, the information obtained in identifying the buffer overflow vulnerability is used to automatically derive a patch that accurately seals the vulnerability, greatly reduces the false positive and negative rate, while at the same time shortens the response time to new threats.

Abstract: The packing manager provides an automated method that allows existing AV scanning technology to be applied to detect known malware samples packed by one or more packers that are potentially proprietary. The packing manager tracks the memory areas to which an executable binary writes and executes, and so can unpack programs packed by multiple arbitrary packers without requiring reverse-engineering of the packers or any human intervention. By tracking page modification and execution of an executable binary at run time, the packing control module can detect the instant at which the program's control is first transferred to a page whose content is dynamically generated, so AV scanning can then be invoked. Thus, code cannot be executed under the packing control manager without being scanned by an AV scanner first.

Abstract: A security module detects attempted exploitations of vulnerabilities of an application executing on a computer. A robust function of the application having native error handling functionality is identified. The security module wraps the robust function with an exception handler that catches a “security violation” exception. The exception handler returns an error code of a type that is handled by the application's native error handling functionality. The security module also hooks the application. When a hook is followed, the security module determines whether a vulnerability in the application is being exploited. If an attempted exploit is detected, the security module throws the security violation exception. The application's native error handling functionality unwinds the call stack for the application until it reaches the exception handler wrapping the robust function.

Abstract: A seamless vertical handoff method allows the network applications and connections on a mobile node to continue without disruption as it moves within a wireless overlay network that comprises multiple possibly overlapping layers of wireless networks (e.g., a WLAN and a WWAN) with different underlying technologies, providing mobile roaming capabilities. The method comprises a WLAN access point signal strength monitor for determining when to switch between WLAN and WWAN, and a network connection migration scheme that can move an active network connection from a wireless link of one technology to another wireless link of a different technology in a way that is transparent to the user, the remote end of the network connection, and the operator of the WWAN carrier.

Abstract: A system for distributing content to a mobile client includes a video acquisition server receiving a video signal and converting the video signal into a stream, and a video server connected to the video acquisition server, receiving the stream and storing the stream for real-time, on-demand video playback.

Abstract: A method for channel assignment in a wireless network includes determining a channel/route configuration comprising channel assignments and routing information for a plurality of nodes of the wireless network providing a desired initial network cross-section throughput, determining a link capacity for each link between a plurality of node pairs of the plurality of nodes, and modifying the route information of the channel/route configuration according to the link capacity.

Abstract: A seamless vertical handoff method allows the network applications and connections on a mobile node to continue without disruption as it moves within a wireless overlay network that comprises multiple possibly overlapping layers of wireless networks (e.g., a WLAN and a WWAN) with different underlying technologies, providing mobile roaming capabilities. The method comprises a WLAN access point signal strength monitor for determining when to switch between WLAN and WWAN, and a network connection migration scheme that can move an active network connection from a wireless link of one technology to another wireless link of a different technology in a way that is transparent to the user, the remote end of the network connection, and the operator of the WWAN carrier.